Snort mailing list archives
Re: Starting snort against multiple interfaces?
From: "Bill Marquette" <wlmarque () hewitt com>
Date: Tue, 19 Jun 2001 15:19:51 -0500
Kiira,
http://snort.sourceforge.net/snort-daily.tar.gz contains a daily snapshot
of the CVS tree. Be warned though, I believe it's a tarball of the actual CVS
tree, not the export (or checked out) tree. This should at least get you around
your firewall issues :) Alternately, I make a snapshot at midnight CDT, that is
a checked out version, it's available (if you want to trust me :)) at:
http://www.danger.ms/~billm/snort-current.tgz
--Bill
|--------+------------------------------->
| | Kiira Triea |
| | <kiira-t@mail.bsasinc|
| | .org> |
| | |
| | 06/19/2001 01:52 PM |
| | |
|--------+------------------------------->
>-------------------------------------------------------------------------|
| |
| To: fygrave () tigerteam net (Fyodor) |
| cc: snort-users () lists sourceforge net |
| Client: |
| Subject: Re: [Snort-users] Starting snort against multiple |
| interfaces? |
>-------------------------------------------------------------------------|
Hi,
On Tue, Jun 19, 2001 at 12:30:45PM -0400, Kiira Triea wrote:Ok, it's my day for goofy questions I guess. I have recompiled snort using Sebastian Krahmer's patched libpcap, I am using a 2.2.16 kernel and all went well with the build. If I understand the docs I've found on this I should be able to start snort like: './snort -D -i any -c snort.conf' and have it read from all nics? Instead I get Initializing Network Interface any ioctl(SIOCGIFMTU): No such device ERROR: Can not get MTU of an interface any! ????Looks like old snort (1.7x something) is used here. :) We have done a few fixes here: 1. It's recomended to use recent version from www.tcpdump.org, they have fixed a few things in Sebastian's code and incorporated the patch. 2. More recent snort, we have fixed support of interface 'any' in it :)
Yes Ok, I am using ver 1.7 from snort.org. Poop. When is ver. 8 expected ready for prime time? Getting cvs working is not going through my firewall it looks. thanks, Kiira _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Starting snort against multiple interfaces? Kiira Triea (Jun 19)
- Re: Starting snort against multiple interfaces? Fyodor (Jun 19)
- Re: Starting snort against multiple interfaces? Kiira Triea (Jun 19)
- Re: Starting snort against multiple interfaces? Erek Adams (Jun 19)
- Re: Starting snort against multiple interfaces? Kiira Triea (Jun 19)
- <Possible follow-ups>
- Re: Starting snort against multiple interfaces? Bill Marquette (Jun 19)
- Re: Starting snort against multiple interfaces? Brian Caswell (Jun 19)
- Re: Starting snort against multiple interfaces? Bill Marquette (Jun 19)
- Re: Starting snort against multiple interfaces? Fyodor (Jun 19)